Diffstat (limited to 'content/docs/user_guide')
-rw-r--r-- | content/docs/user_guide/FAQ.md | 12
-rw-r--r-- | content/docs/user_guide/checkpoint_restore.md | 34
-rw-r--r-- | content/docs/user_guide/compatibility/_index.md | 8
-rw-r--r-- | content/docs/user_guide/debugging.md | 8
-rw-r--r-- | content/docs/user_guide/install.md | 13
-rw-r--r-- | content/docs/user_guide/platforms.md | 8
-rw-r--r-- | content/docs/user_guide/quick_start/_index.md | 6
-rw-r--r-- | content/docs/user_guide/quick_start/kubernetes.md | 2
8 files changed, 43 insertions, 48 deletions
diff --git a/content/docs/user_guide/FAQ.md b/content/docs/user_guide/FAQ.md index 2cee17477..05455a70f 100644 --- a/content/docs/user_guide/FAQ.md +++ b/content/docs/user_guide/FAQ.md @@ -89,12 +89,12 @@ order to communicate to the DNS server. runsc network is isolated from the host and cannot access the DNS server on the host network without breaking the sandbox isolation. There are a few different workarounds you can try: -* Use default bridge network with `--link` to connect containers. Default - bridge doesn't use embedded DNS. -* Use [`--network=host`][host-net] option in runsc, however beware that it will - use the host network stack and is less secure. -* Use IPs instead of container names. -* Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes. +* Use default bridge network with `--link` to connect containers. Default + bridge doesn't use embedded DNS. +* Use [`--network=host`][host-net] option in runsc, however beware that it will + use the host network stack and is less secure. +* Use IPs instead of container names. +* Use [Kubernetes][k8s]. Container name lookup works fine in Kubernetes. [security-model]: /docs/architecture_guide/security/ [old-linux]: /docs/user_guide/networking/#gso diff --git a/content/docs/user_guide/checkpoint_restore.md b/content/docs/user_guide/checkpoint_restore.md index bbc08a5f2..f13c5199e 100644 --- a/content/docs/user_guide/checkpoint_restore.md +++ b/content/docs/user_guide/checkpoint_restore.md @@ -20,7 +20,7 @@ file will be called `checkpoint.img` and necessary directories will be created if they do not yet exist. > Note: Two checkpoints cannot be saved to the same directory; every image-path -provided must be unique. +> provided must be unique. ```bash runsc checkpoint --image-path=<path> <container id> 
@@ -31,11 +31,11 @@ continue to run after the checkpoint has been made. (By default, containers stop their processes after committing a checkpoint.) > Note: All top-level runsc flags needed when calling run must be provided to -checkpoint if --leave-running is used. +> checkpoint if --leave-running is used. > Note: --leave-running functions by causing an immediate restore so the -container, although will maintain its given container id, may have a different -process id. +> container, although will maintain its given container id, may have a different +> process id. ```bash runsc checkpoint --image-path=<path> --leave-running <container id> 
@@ -83,19 +83,19 @@ docker start --checkpoint --checkpoint-dir=<directory> <container> ### Issues Preventing Compatibility with Docker -- **[Moby #37360][leave-running]:** Docker version 18.03.0-ce and earlier hangs - when checkpointing and does not create the checkpoint. To successfully use - this feature, install a custom version of docker-ce from the moby repository. - This issue is caused by an improper implementation of the `--leave-running` - flag. This issue is fixed in newer releases. -- **Docker does not support restoration into new containers:** Docker currently - expects the container which created the checkpoint to be the same container - used to restore which is not possible in runsc. When Docker supports container - migration and therefore restoration into new containers, this will be the - flow. -- **[Moby #37344][checkpoint-dir]:** Docker does not currently support the - `--checkpoint-dir` flag but this will be required when restoring from a - checkpoint made in another container. +* **[Moby #37360][leave-running]:** Docker version 18.03.0-ce and earlier hangs + when checkpointing and does not create the checkpoint. To successfully use + this feature, install a custom version of docker-ce from the moby repository. + This issue is caused by an improper implementation of the `--leave-running` + flag. This issue is fixed in newer releases. +* **Docker does not support restoration into new containers:** Docker currently + expects the container which created the checkpoint to be the same container + used to restore which is not possible in runsc. When Docker supports container + migration and therefore restoration into new containers, this will be the + flow. +* **[Moby #37344][checkpoint-dir]:** Docker does not currently support the + `--checkpoint-dir` flag but this will be required when restoring from a + checkpoint made in another container. 
[leave-running]: https://github.com/moby/moby/pull/37360 [checkpoint-dir]: https://github.com/moby/moby/issues/37344 diff --git a/content/docs/user_guide/compatibility/_index.md b/content/docs/user_guide/compatibility/_index.md index 4cd1b31b0..e11e64339 100644 --- a/content/docs/user_guide/compatibility/_index.md +++ b/content/docs/user_guide/compatibility/_index.md @@ -40,10 +40,10 @@ The following applications/images have been tested: Most common utilities work. Note that: -* Some tools, such as `tcpdump` and old versions of `ping`, require explicitly - enabling raw sockets via the unsafe `--net-raw` runsc flag. -* Different Docker images can behave differently. For example, Alpine Linux and - Ubuntu have different `ip` binaries. +* Some tools, such as `tcpdump` and old versions of `ping`, require explicitly + enabling raw sockets via the unsafe `--net-raw` runsc flag. +* Different Docker images can behave differently. For example, Alpine Linux and + Ubuntu have different `ip` binaries. Specific tools include: diff --git a/content/docs/user_guide/debugging.md b/content/docs/user_guide/debugging.md index 4d26d557c..c19269934 100644 --- a/content/docs/user_guide/debugging.md +++ b/content/docs/user_guide/debugging.md @@ -106,9 +106,9 @@ Then restart docker to refresh the runtime options. While the container is runni execute `runsc debug` to collect profile information and save to a file. Here are the options available: - * **--profile-heap:** Generates heap profile to the speficied file. - * **--profile-cpu:** Enables CPU profiler, waits for `--profile-delay` seconds - and generates CPU profile to the speficied file. +* **--profile-heap:** Generates heap profile to the speficied file. +* **--profile-cpu:** Enables CPU profiler, waits for `--profile-delay` seconds + and generates CPU profile to the speficied file. For example: 
@@ -120,7 +120,7 @@ sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-heap=/ sudo runsc --root /var/run/docker/runtime-runsc-prof/moby debug --profile-cpu=/tmp/cpu.prof --profile-delay=30 63254c6ab3a6989623fa1fb53616951eed31ac605a2637bb9ddba5d8d404b35b ``` -The resulting files can be opened using `go tool pprof` or [pprof]. The examples +The resulting files can be opened using `go tool pprof` or [pprof][pprof]. The examples below create image file (`.svg`) with the heap profile and writes the top functions using CPU to the console: diff --git a/content/docs/user_guide/install.md b/content/docs/user_guide/install.md index e18af233b..c966c7bd5 100644 --- a/content/docs/user_guide/install.md +++ b/content/docs/user_guide/install.md @@ -87,10 +87,10 @@ curl -fsSL https://gvisor.dev/archive.key | sudo apt-key add - Based on the release type, you will need to substitute `${DIST}` below, using one of: - * `nightly`: For all nightly releases. - * `latest`: For the latest release. - * `${yyyymmdd}`: For specific releases. - * `${yyyymmdd}.${rc}`: For a specific point release. +* `nightly`: For all nightly releases. +* `latest`: For the latest release. +* `${yyyymmdd}`: For specific releases. +* `${yyyymmdd}.${rc}`: For a specific point release. The repository for the release you wish to install should be added: @@ -153,11 +153,6 @@ runsc install ``` [latest-nightly]: https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc - [latest-hash]: https://storage.googleapis.com/gvisor/releases/nightly/latest/runsc.sha512 - -[oci]: https://www.opencontainers.org - [old-linux]: /docs/user_guide/networking/#gso - [releases]: https://github.com/google/gvisor/releases diff --git a/content/docs/user_guide/platforms.md b/content/docs/user_guide/platforms.md index e15072068..72e640cc8 100644 --- a/content/docs/user_guide/platforms.md +++ b/content/docs/user_guide/platforms.md 
@@ -58,10 +58,10 @@ If you are using a virtual machine you will need to make sure that nested virtualization is configured. Here are links to documents on how to set up nested virtualization in several popular environments: - * Google Cloud: [Enabling Nested Virtualization for VM Instances][nested-gcp] - * Microsoft Azure: [How to enable nested virtualization in an Azure VM][nested-azure] - * VirtualBox: [Nested Virtualization][nested-virtualbox] - * KVM: [Nested Guests][nested-kvm] +* Google Cloud: [Enabling Nested Virtualization for VM Instances][nested-gcp] +* Microsoft Azure: [How to enable nested virtualization in an Azure VM][nested-azure] +* VirtualBox: [Nested Virtualization][nested-virtualbox] +* KVM: [Nested Guests][nested-kvm] ### Configuring Docker diff --git a/content/docs/user_guide/quick_start/_index.md b/content/docs/user_guide/quick_start/_index.md index 770fd8893..bb35e748f 100644 --- a/content/docs/user_guide/quick_start/_index.md +++ b/content/docs/user_guide/quick_start/_index.md @@ -7,6 +7,6 @@ gVisor can be used with Docker, Kubernetes, or directly using `runsc` with crafted OCI spec for your container. Use the links below to see detailed instructions for each of them: - * [Docker](./docker/): The quickest and easiest way to get started. - * [Kubernetes](./kubernetes/): Isolate Pods in your K8s cluster with gVisor. - * [OCI](./oci/): Expert mode. Customize gVisor for your environment. +* [Docker](./docker/): The quickest and easiest way to get started. +* [Kubernetes](./kubernetes/): Isolate Pods in your K8s cluster with gVisor. +* [OCI](./oci/): Expert mode. Customize gVisor for your environment. diff --git a/content/docs/user_guide/quick_start/kubernetes.md b/content/docs/user_guide/quick_start/kubernetes.md index b3b5e0a55..e21abbc70 100644 --- a/content/docs/user_guide/quick_start/kubernetes.md +++ b/content/docs/user_guide/quick_start/kubernetes.md 
@@ -36,4 +36,4 @@ WordPress site. You can view the full documentation [here][gke-sandbox-docs]. [gke-sandbox-docs]: https://cloud.google.com/kubernetes-engine/docs/how-to/sandbox-pods [gvisor-containerd-shim]: https://github.com/google/gvisor-containerd-shim [runtimeclass]: https://kubernetes.io/docs/concepts/containers/runtime-class/ -[wordpress-quick]: /docs/tutorials/kubernetes/
\ No newline at end of file +[wordpress-quick]: /docs/tutorials/kubernetes/ |
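Review bot: the `--network=host` bullet in content/docs/user_guide/FAQ.md (hunk @@ -89,12 +89,12) says the option "is less secure" without pointing the reader anywhere. The `[security-model]` reference is already defined in the block directly below the list, so while these lines are being touched, link the caveat to it and say that the sandbox then shares the host network stack instead of its own isolated one.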
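Review bot: in content/docs/user_guide/checkpoint_restore.md (hunk @@ -31,11 +31,11) the re-quoted note still reads "container, although will maintain its given container id, may have a different process id", which is missing its subject; since the lines are rewritten here anyway, change it to "although it will maintain its given container id". Both notes in this hunk also leave --leave-running as bare text while the code block below and the Moby #37360 bullet use backticks; wrap it in backticks so a renderer with smart punctuation cannot turn the double hyphen into a dash.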
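Review bot: both re-indented bullets in content/docs/user_guide/debugging.md (hunk @@ -106,9 +106,9) carry the typo "speficied" over onto the new `--profile-heap` and `--profile-cpu` lines. Correct it to "specified" in this change instead of leaving it for a follow-up, since the lines are already being modified.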
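Review bot: the added line "The resulting files can be opened using `go tool pprof` or [pprof][pprof]. The examples" in content/docs/user_guide/debugging.md (hunk @@ -120,7 +120,7) runs past the 80-column wrap used by the surrounding paragraphs; rewrap the paragraph. The `[pprof]:` reference definition is not visible in this hunk, so confirm it exists in the file, because `[pprof][pprof]` renders as literal bracket text when the label is undefined.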
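Review bot: the second content/docs/user_guide/install.md hunk (@@ -153,11 +153,6) removes the `[oci]: https://www.opencontainers.org` reference definition together with the blank lines, which is more than a formatting change. Confirm that no link in install.md still uses the `oci` label, since a reference without a definition renders as literal bracket text, and mention the removal in the commit message.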